Message ID | 20230918192204.32263-1-jason-jh.lin@mediatek.com (mailing list archive) |
---|---|
Headers | show |
Series | Add CMDQ secure driver for SVP | expand |
Hi, Jason: On Tue, 2023-09-19 at 03:21 +0800, Jason-JH.Lin wrote: > For the Secure Video Path (SVP) feature, inculding the memory stored > secure video content, the registers of display HW pipeline and the > HW configure operations are required to execute in the secure world. > > So using a CMDQ secure driver to make all display HW registers > configuration secure DRAM access permision settings execute by GCE > secure thread in the secure world. > > We are landing this feature on mt8188 and mt8195 currently. I'm doubt that GCE could be secure enough. Hacker would try any way to hack TEE. If the interface is simple, it's easy to check in the interface entry. But GCE command has enormous combination, how to check it's not hacked? One example is that hacker could use cmdq_pkt_read_s() and cmdq_pkt_write_s() to do memory copy and send this packet to secure GCE. Could this memory copy touch secure memory? Or don't worry about this, once hacker find a way to break this, just find a way to fix it? > > Jason-JH.Lin (15): > dt-bindings: mailbox: Add property for CMDQ secure driver > dt-bindings: gce: mt8195: Add CMDQ_SYNC_TOKEN_SECURE_THR_EOF event > id > soc: mailbox: Add SPR definition for GCE > soc: mailbox: Add cmdq_pkt_logic_command to support math operation > mailbox: mediatek: Add cmdq_pkt_write_s_reg_value to CMDQ driver > mailbox: mediatek: Add cmdq_mbox_stop to disable GCE thread > mailbox: mediatek: Add loop pkt flag and irq handling for loop > command > soc: mediatek: Add cmdq_pkt_finalize_loop to CMDQ driver > mailbox: mediatek: Add secure CMDQ driver support for CMDQ driver > mailbox: mediatek: Add CMDQ secure mailbox driver > soc: mediatek: Add cmdq_insert_backup_cookie before EOC for secure > pkt > mailbox: mediatek: Add CMDQ driver support for mt8188 > mailbox: mediatek: Add mt8188 support for CMDQ secure driver > mailbox: mediatek: Add mt8195 support for CMDQ secure driver > arm64: dts: mediatek: mt8195: Add CMDQ secure driver support for > gce0 > > .../mailbox/mediatek,gce-mailbox.yaml | 30 +- > arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 + > drivers/mailbox/Makefile | 2 +- > drivers/mailbox/mtk-cmdq-mailbox.c | 67 +- > drivers/mailbox/mtk-cmdq-sec-mailbox.c | 1103 > +++++++++++++++++ > drivers/mailbox/mtk-cmdq-sec-tee.c | 202 +++ > drivers/soc/mediatek/mtk-cmdq-helper.c | 81 ++ > include/dt-bindings/gce/mt8195-gce.h | 6 + > include/linux/mailbox/mtk-cmdq-mailbox.h | 15 + > .../linux/mailbox/mtk-cmdq-sec-iwc-common.h | 293 +++++ > include/linux/mailbox/mtk-cmdq-sec-mailbox.h | 83 ++ > include/linux/mailbox/mtk-cmdq-sec-tee.h | 31 + > include/linux/soc/mediatek/mtk-cmdq.h | 65 + > 13 files changed, 1971 insertions(+), 9 deletions(-) > create mode 100644 drivers/mailbox/mtk-cmdq-sec-mailbox.c > create mode 100644 drivers/mailbox/mtk-cmdq-sec-tee.c > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-iwc-common.h > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-mailbox.h > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-tee.h >
Hi CK, On Wed, 2023-09-20 at 03:08 +0000, CK Hu (胡俊光) wrote: > Hi, Jason: > > On Tue, 2023-09-19 at 03:21 +0800, Jason-JH.Lin wrote: > > For the Secure Video Path (SVP) feature, inculding the memory > > stored > > secure video content, the registers of display HW pipeline and the > > HW configure operations are required to execute in the secure > > world. > > > > So using a CMDQ secure driver to make all display HW registers > > configuration secure DRAM access permision settings execute by GCE > > secure thread in the secure world. > > > > We are landing this feature on mt8188 and mt8195 currently. > > I'm doubt that GCE could be secure enough. Hacker would try any way > to > hack TEE. If the interface is simple, it's easy to check in the > interface entry. But GCE command has enormous combination, how to > check > it's not hacked? One example is that hacker could use > cmdq_pkt_read_s() > and cmdq_pkt_write_s() to do memory copy and send this packet to > secure > GCE. Could this memory copy touch secure memory? Or don't worry > about > this, once hacker find a way to break this, just find a way to fix > it? We have put a lot protection mechanism in the secure world to avoid the secure video content reveal from our SoC. The hackers may try to add some commands in to cmdq secure pkt, but we'll check all the commands in secure world for every secure pkt and find out the invalid one with whitelist registers checking, DAPC HW protection for write instruction to DRAM with configuring WDMA, larb secure protection for read secure DRAM from normal world, checking read_s instructions for memory copy to an invalid DRAM addr,etc. Maybe hackers would find the way to break the video playback, but they can not find the way to steal the secure video content by adding a commands into secure cmdq pkt. Regards, Jason-JH.Lin > > > > > Jason-JH.Lin (15): > > dt-bindings: mailbox: Add property for CMDQ secure driver > > dt-bindings: gce: mt8195: Add CMDQ_SYNC_TOKEN_SECURE_THR_EOF > > event > > id > > soc: mailbox: Add SPR definition for GCE > > soc: mailbox: Add cmdq_pkt_logic_command to support math > > operation > > mailbox: mediatek: Add cmdq_pkt_write_s_reg_value to CMDQ driver > > mailbox: mediatek: Add cmdq_mbox_stop to disable GCE thread > > mailbox: mediatek: Add loop pkt flag and irq handling for loop > > command > > soc: mediatek: Add cmdq_pkt_finalize_loop to CMDQ driver > > mailbox: mediatek: Add secure CMDQ driver support for CMDQ driver > > mailbox: mediatek: Add CMDQ secure mailbox driver > > soc: mediatek: Add cmdq_insert_backup_cookie before EOC for > > secure > > pkt > > mailbox: mediatek: Add CMDQ driver support for mt8188 > > mailbox: mediatek: Add mt8188 support for CMDQ secure driver > > mailbox: mediatek: Add mt8195 support for CMDQ secure driver > > arm64: dts: mediatek: mt8195: Add CMDQ secure driver support for > > gce0 > > > > .../mailbox/mediatek,gce-mailbox.yaml | 30 +- > > arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 + > > drivers/mailbox/Makefile | 2 +- > > drivers/mailbox/mtk-cmdq-mailbox.c | 67 +- > > drivers/mailbox/mtk-cmdq-sec-mailbox.c | 1103 > > +++++++++++++++++ > > drivers/mailbox/mtk-cmdq-sec-tee.c | 202 +++ > > drivers/soc/mediatek/mtk-cmdq-helper.c | 81 ++ > > include/dt-bindings/gce/mt8195-gce.h | 6 + > > include/linux/mailbox/mtk-cmdq-mailbox.h | 15 + > > .../linux/mailbox/mtk-cmdq-sec-iwc-common.h | 293 +++++ > > include/linux/mailbox/mtk-cmdq-sec-mailbox.h | 83 ++ > > include/linux/mailbox/mtk-cmdq-sec-tee.h | 31 + > > include/linux/soc/mediatek/mtk-cmdq.h | 65 + > > 13 files changed, 1971 insertions(+), 9 deletions(-) > > create mode 100644 drivers/mailbox/mtk-cmdq-sec-mailbox.c > > create mode 100644 drivers/mailbox/mtk-cmdq-sec-tee.c > > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-iwc-common.h > > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-mailbox.h > > create mode 100644 include/linux/mailbox/mtk-cmdq-sec-tee.h > >